Service Oriented Architecture - SOA

Service-Oriented Architecture - SOA - is a key technology for developing network-based services. I was pleased to find a reference to a talk by Patrick Steger at the International Conference on Java Technology.

Just reading the Abstract tells me that the subject is detailed and well structured accompanied by a working code sample. I'll post the video reference if available; please post it as a comment should you find it; thanks.

On the subject of network-based services, here is a reference to the Economist's article: A battle at the checkout.

Abstract - Standards for an interoperable, secure and flexible SOA

"SOA (Service-Oriented Architecture) is becoming the central strategy for more and more companies and therefore getting business critical. An enduring SOA has to provide very high grades of security and availability combined with good interoperability and usability to protect both, the valuable assets and the often tremendous investments of the company.

Based on WSIT (Web Services Interoperability Technologies, SUN Microsystems) and WCF (Windows communication foundation, Microsoft) an interoperable, secure and flexible SOA is feasible today. This talk will provide you with the theoretical background of the standards you need to know when aiming for that target.

During the talk we will create a simple yet secure and interoperable SOA system centred on the well known Calculator service.

The SOA is built on a step by step basis and introduces the following major security relevant WS-Standards:

  • XML Encryption
  • XML Signature
  • WS-Security
  • WS-MetadataExchange
  • WS Secure Exchange
  • WS-Trust
  • WS-SecureConversation
  • WS-SecurityPolicy
  • Security Assertion Markup Language (SAML)
  • eXtensible Access Control Markup Language (XACML)
For each Standard you will learn its purpose, status and relationship to the other standards.

The final SOA system supports a scenario where a client application requests metadata from a Calculator Service and uses that metadata to obtain the SecurityPolicy of that service. In addition the location of the Authentication Service issuing the required SAML Token to access the Calculator Service is retrieved from the metadata.

The client then authenticates with the central Authentication Service and receives a SAML Token in return. Using the SAML Token the client calls the Calculator Service's add operation.

The Calculator Service validates the SAML Token and asks the central Authorization Service to check the authorization of the client to use the add operation with the given parameters."

No comments: